Introduction: Encryption seems to becoming more popular and one can install onto an encrypted hard drive with the Alternate CD.

Guided - use entire disk and set up encrypted LVM

There is no (obvious) option to add additional partitions such as either a /home or /data partition. Now a big part of this problem can be solved if you understand the partitioning options on the Alternate CD, I will save that for another how-to ....

For this how-to I used the default partitioning/encryption scheme. The LUKS crypt is called "crypt1" and I called the LV group "hardy" (the installer defaults to your hostname).

Terminology

Compartments within compartments.

LUKS = Linux Unified Key Setup.

While a detailed explanation of either LVM or encryption is beyond this how to, think of an encrypted system we have multiple containers, the crypt and LVM, and the file system. We need to resize each of those.

Physical partition.

Crypt.

LVM ->

Physical Volume.

Logical Volume.

File system.

Physical partition -> This is a partition on your hard drive to contain the LUKS crypt (The Alternate CD defaults to /dev/sda5 for encryption).

Crypt = LUKS then creates a crypt within the physical partition. The contents of the crypt are, of course, encrypted. The encrypted space is mapped to /dev/mapper/crypt1 , LVM is then used to create partitions within the crypt.

Physical Volume The (LVM) Physical Volume used for encryption is the LUKS crypt, which is mapped to /dev/mapper/crypt1.

Logical Volumes The (LVM) Physical Volume is divided into (LVM) Logical Volumes which are in turn used for / (root partition) and swap. Similar to logical partitions, these are contained within the (LVM) Physical Volume within (LUKS) crypt within the physical partition.

File system = ext3 (or swap) = The actual file system written onto the logical volumes.

Start by knowing your root partition and how you want to resize. Some helpful commands include :

The order of the next steps depends on if you are shrinking or enlarging your encrypted partition. Enlarging is somewhat easier as the defaults of many of the commands is to fill the available space.

Note: If you want to Enlarge your encrypted partition, although adding a second physical hard drive to LVM is "easy" I am not sure you could then add this to your Crypt (the Crypt must be on a single hard drive).

Shrink an encrypted partition

Boot the desktop, live CD. Install & configure the tools (lvm2 and cryptsetup).

2. Reduce the size of your root (LVM) Logical Volume. The -L flag is how much you want to reduce the size of your (LVM) Logical Volume, so keep this in mind.

Display your (LVM) Logical Volumes with lvdisplay.

Code:

sudo lvdisplay

Note how much you need to reduce your root (LVM) Logical Volume by (in my case it was 4.3 Gb).

Code:

sudo lvreduce -L -4.3G /dev/hardy/root

Note: You will need to change the "-4.3G" to the proper size to reduce your root (LVM) Logical Volume to your desired size.

Re-display your (LVM) Logical Volumes to check the final size is correct.

Code:

sudo lvdisplay

3. Resize your (LVM) Physical Volume.

Remove the swap (LVM) Logical Volume. The (LVM) Physical Volume used by LVM can become "fragmented" in that the (LVM) Logical Volumes within the (LVM) Physical Volume are not always in order. There is no defragmentation tool, so if you may need to manually move the (LVM) Logical Volume (back up the data, delete the (LVM) Logical Volume, re-create a replacement (LVM) Logical Volume, restore data from backup).

As the mkswap command finishes it will print the new uuid to the terminal.

Update fstab with new uuid (use any editor).

Code:

sudo mount /dev/hardy/root /mnt

Code:

gksu gedit /mnt//etc/fstab

Copy-paste the new uuid from the terminal to fstab, updating the uuid for your swap partition.

Save and exit gedit.

Unmount the root (LVM) Logical Volume.

Code:

sudo umount /mnt

Re-lock the (LVM) Physical Volume after adding the swap (LVM) Logical Volume (locking the physical volume keeps it from changing).

Code:

sudo pvchange -x n /dev/mapper/crypt1

4. Resize your crypt.

Show the size of your crypt with cryptsetup.

Code:

sudo cryptsetup status crypt1

This shows the size of your crypt in sectors.

Make note of the offset.

offset: 2056 sectors

Resize with cryptsetup.

Code:

sudo cryptsetup -o 2056 -b 11800000 resize crypt1

-o = offset (get this from the status command).
-b = size in sectors. I had to do this by trial and error. After resizing I used Gparted to show the size of the crypt (System -> Administration -> Partition Editor ; select /dev/mapper/crypt1 from the pul down menu). Close gparted after confirming the new size of your crypt.

Note : fdisk does NOT overwrite data, so if you make a mistake you should be able to "undo" the changes.

List your partition information with fdisk.

Code:

sudo fdisk -l

WRITE THIS INFORMATION DOWN (or print it out).

Re-write your partition table. To do this, DELETE your partitions and RECREATE them, but in a smaller size.

You will need to delete and re-create ALL your LVM partitions within your crypt.

Code:

sudo fdisk /dev/sda

This was my fdisk session :

The number of cylinders for this disk is set to 1305.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
(e.g., DOS FDISK, OS/2 FDISK)

Re: How to: Resize an Encrypted Partition (LUKS)

Further considerations about resizing a live LUKS-encrypted LVM

Hi Bodhi, thanks for this useful article. I have experimented further and it *seems* that the "cryptsetup resize" might be useless for a LUKS partition, at is *seems* that it uses the complete available partition size anyway. After I enlarged a partition holding a LUKS container (and rebooted), "cryptsetup status" for the container gave me the exact same numbers *before* and *after* "cryptsetup resize", so I truly wonder if it is of any use. The LUKS container was actually bigger than previously, so I assume it worked "automagically"

Furthermore, I was able to successfully "hot extend" the encrypted LVM partition holding my complete live system *without* having to do it booting from a "live CD", but truly from the live system itself.

Re: How to: Resize an Encrypted Partition (LUKS)

Resize with cryptsetup.

Code:

sudo cryptsetup -o 2056 -b 11800000 resize crypt1

-o = offset (get this from the status command).
-b = size in sectors. I had to do this by trial and error. After resizing I used Gparted to show the size of the crypt (System -> Administration -> Partition Editor ; select /dev/mapper/crypt1 from the pul down menu). Close gparted after confirming the new size of your crypt.

First thank you very much for this tutorial, I successfully shrinked my luks partition without problem.

I would just like to add some informations about how to get the size when shrinking.

In my case I didn't make use of LVM so I had an ext2 volume directly inside my luks partition.

Therefore, the size to give to "cryptsetup resize" was the one of the shrinked ext2 volume, as given by the "resize2fs" command (the -M option is to automatically shrink the volume to the minimum size) :

You can convert the number of blocks into a number of sectors using a simple golden rule.

You can get the number of bytes per block with the command "sudo tune2fs -l /dev/mapper/bak", for instance.
You can get the number of bytes per sector with "fdisk", for instance.
I let you do the rest.

To know which size to give to fdisk for the new partition (it's a little bit bigger than the luks partition, I don't know the exact rule), I simply noted the size of the partition before the operation and reduced it by the same amount as the luks partition had been shrinked by.

It worked like a charm : I had a shrinked luks partition with 0 byte available (the goal, was to transfer its data to another partition, then delete it to recreate it somewhere else)

Re: How to: Resize an Encrypted Partition (LUKS)

Hi there! I wanted to know if this guide is correct for me or to guide me to accomplish something. Right now -- I currently have Ubuntu 8.10 full-disk encrypted LVM on the laptop. However, I'm trying to resize the HDD as to create free spaces for a new LVM + Cryptsetup + LUKS encrypted partition that I'd be able to access.

Should I be installing Ubuntu on regular LVM then from there, to resize the LV to...20G then create the new VG + LV for encrypted partition? Lot of partitions surely got me confused.

I only wanted to create a encrypted partition for my laptop (on one HDD) where I can storage my data in... in either encrypted LVM or regular LVM. Perhaps you can write a tutorial if you have the time? Please do advise. Thank you.

Re: How to: Resize an Encrypted Partition (LUKS)

hey,
unfortunately i have problems using cryptsetup resize.
I'm trying to free some space for a windows installation.
i'm following the steps descriped here. But after the cryptsetup resize i have the following problem:

cryptsetup status shows the size the partition should have after the resize.
if i close the cryptpartition with cryptsetup luksClose the partition has its old size in fdisk and when i remount the partition using the harddiskdetection function of the alternate cd (im installing from an alternate cd) the encrypted partition has its old size.

Re: How to: Resize an Encrypted Partition (LUKS)

Originally Posted by madmufflon

hey,
unfortunately i have problems using cryptsetup resize.
I'm trying to free some space for a windows installation.
i'm following the steps descriped here. But after the cryptsetup resize i have the following problem:

cryptsetup status shows the size the partition should have after the resize.
if i close the cryptpartition with cryptsetup luksClose the partition has its old size in fdisk and when i remount the partition using the harddiskdetection function of the alternate cd (im installing from an alternate cd) the encrypted partition has its old size.

any help is appreciated
thanks,
martin

Can you please give us more details ? What is your set up ? Are you using LVM ? What command did you enter and what output are you looking at ?

Did you read cbonar's post ?

There are two mistakes one can make along the road to truth...not going all the way, and not starting.
--Prince Gautama Siddharta

Re: How to: Resize an Encrypted Partition (LUKS)

thanks for your answer,

i'm using the ubuntu 8.10 standart setup (installed via alternate cd), so I am using an LVM.
I'm running a Dell Studio Notebook with a 250GiB harddisk. At the moment this harddisk is fully covered by my ubuntu 8.10 x64.

(Other Values vor the cylinders, arround 70000 but only a short range) when i try to enter a value which fits for me (from 230 to arround 200gb) fdisk says something about "value out of range". Even for very small values (10gb or so) it does not work with the same error.
If i let the harddiskrecognition of the Alernate CD detect the harddrives and mount the encrypted partition cryptsetup status sda5 says it has the old size ( the size before crpytsetup resize).